ICMP(v6) filtering?

Cameron Byrne cb.list6 at gmail.com
Mon Aug 6 05:04:27 CEST 2012


On Aug 5, 2012 8:00 PM, "Doug Barton" <dougb at dougbarton.us> wrote:
>
> On 08/03/2012 05:39, Benedikt Stockebrand wrote:
> > yes, in some cases you may want to filter e.g. routing headers and
> > such.
>
> Do you have references to this issue?
>

http://tools.ietf.org/html/rfc5095

> > More generally speaking, with new ICMP6 types possibly coming
> > up you may want to whitelist rather than blacklist individual ICMP6
> > types/codes.
>
> This is the opposite of what should be done, for 2 reasons. First, you
> should only blacklist things you know you're having problems with.
> Second, but taking the approach you suggest you miss out if the protocol
> changes and you don't update your filters.
>
> The whole concept of blanket ICMP restrictions in v4 was bad, doing it
> for ICMPv6 is really bad.
>
> --
>
>     I am only one, but I am one.  I cannot do everything, but I can do
>     something.  And I will not let what I cannot do interfere with what
>     I can do.
>                         -- Edward Everett Hale, (1822 - 1909)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cluenet.de/pipermail/ipv6-ops/attachments/20120805/ee98e8c9/attachment.htm>


More information about the ipv6-ops mailing list